com.google.android.gms.auth.api.phone

SmsRetriever contains two APIs, the SMS Retriever API and the SMS User Consent
API, that provide access to Google services that help you retrieve SMS messages directed to
your app, without having to ask for android.permission.READ_SMS or
android.permission.RECEIVE_SMS.

Many apps use phone numbers to verify the identity of a user. The app sends an SMS
message containing an OTP (One Time Passcode) to the user, who then enters the OTP from the
received SMS message to prove ownership of the phone number.

In Android, to provide a streamlined UX, an app may request the SMS read permission, and
retrieve the OTP automatically. This is problematic since this permission allows the app to
read other SMS messages which may contain the user's private information. Also, the latest
Play Store policy changes restrict access to SMS messages.

The SMS Retriever API solves this problem by providing app developers a way to
automatically retrieve only the SMS directed to the app without asking for the SMS read
permission or gaining the ability to read any other SMS messages on the device.

The SMS User Consent API complements the SMS Retriever API by allowing an app to prompt
the user to grant access to the content of the next SMS message that contains an OTP. When
a user gives consent, the app will then have access to the entire message body to
automatically complete SMS verification.

The SMS Retriever API completely automates the SMS-based OTP verification process for
the user. However, there are situations where you don’t control the format of the SMS
message and as a result cannot use the SMS Retriever API. In these situations, you can use
the SMS User Consent API to streamline the process.